Access Your User Profile

Endpoint URL: /{customerId}/auth-ui/profile


The /{customerId}/auth-ui/profile endpoint opens the Manage Profile screen for the user associated with the active session. For example, if August Joseph Springer logs on to a site and “owns” the active session, then calling the /{customerId}/auth-ui/profile endpoint brings up his Manage Profile screen:

As you probably noticed, this means that no authentication is needed to call the /{customerId}/auth-ui/profile endpoint: instead, access to the endpoint relies on a cookie that points to the active Hosted Login session. If there is no such cookie, and thus no active session, then your call to this endpoint fails with the following error:

However, what is needed to call this endpoint is the ID of the OIDC client that the user employed when logging in. The client_id parameter is one of three parameters available for use with the /{customerId}/auth-ui/profile endpoint:






client_id

Unique identifier of the OIDC client that the user employed when logging on. If this parameter isn’t included in the authorization request, you’ll get a Bad request error:

If the parameter is included, but you specify an invalid client ID, you’ll get a Something went wrong error:



redirect_uri

In Hosted Login v2, the redirect_uri parameter specifies the URL users are redirected to if they click the Back to App button in their user profile:

The Back to App button is not supported in Hosted Login v1. In the v1 version of Hosted Login, the redirect_uri parameter specifies the URL that users should be redirected to if they click Logoff in their user profile. Note that the specified URL must be included in the OIDC client’s redirect_uri property. If it’s not, the user profile will not be opened and the Something went wrong error message is displayed.

If there's no active Hosted Login session, then the No authenticated session found OAuth error is returned to the app.

And, of course, no user profile is displayed.



state

An arbitrary value that can be used to track a redirect after the user has clicked Logoff in their user profile. For example, suppose state is set to 87651431 and the redirect_uri is set to When a user clicks Logoff and is redirected, the URI they’re redirected to should look like this:

Including the state in the URI provides assurance that Hosted Login was responsible for the redirect.
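The following is an added example, not code from this documentation or from Hosted Login itself, showing how an app can build the profile URL with an unpredictable state value and then check that value when the user returns from Logoff. The host, customer ID, client ID and redirect URL are placeholders, and the example assumes the value comes back as a `state` query parameter on the redirect URI.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions): the page does not give a host or customer ID.
BASE_URL = "https://hosted-login.example"
CUSTOMER_ID = "00000000-0000-0000-0000-000000000000"


def build_profile_url(client_id, redirect_uri, state=None):
    """Return (url, state) for the /{customerId}/auth-ui/profile endpoint.

    A random state is generated unless the caller supplies one; the app
    must store it (for example in the user's server-side session) so it
    can be compared when the redirect arrives.
    """
    state = state or secrets.token_urlsafe(32)
    query = urlencode(
        {"client_id": client_id, "redirect_uri": redirect_uri, "state": state}
    )
    return f"{BASE_URL}/{CUSTOMER_ID}/auth-ui/profile?{query}", state


def redirect_is_from_hosted_login(returned_url, expected_redirect_uri, expected_state):
    """Accept a post-Logoff redirect only if it carries the stored state.

    Assumption: the state is returned as a single `state` query parameter
    appended to the registered redirect_uri.
    """
    got = urlsplit(returned_url)
    want = urlsplit(expected_redirect_uri)
    # The redirect must land on the exact URL the app asked for.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        return False
    values = parse_qs(got.query).get("state", [])
    # Reject a missing state and reject duplicates, which are ambiguous.
    if len(values) != 1:
        return False
    # Constant-time comparison avoids leaking how much of the value matched.
    return hmac.compare_digest(values[0].encode(), expected_state.encode())


if __name__ == "__main__":
    # Constructed sample values.
    url, state = build_profile_url("client-id-placeholder", "https://app.example/after-logoff")
    print(url)
    print(redirect_is_from_hosted_login(
        f"https://app.example/after-logoff?state={state}",
        "https://app.example/after-logoff", state))
```

A fixed, guessable state such as the 87651431 used in the walkthrough is fine for illustration, but a per-request random value is what lets the app distinguish a redirect it initiated from one it did not.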

Respects the API Client Allow List: No

Sample Request

For example, this command opens the Manage Profile page for the current user and, after the user clicks Logoff, redirects the user to

You can also directly access the individual sections of your user profile by using these URLs:

  • Personal Data:
  • Account Security:
  • Privacy Settings: